Please read! RPC/DCOM exploit details

sdm

This is Dog Fort
VIP Junglist
Messages
12,717
Likes
17
#1
shut up mang said:
There is a new worm out called MSBLASTER exploiting the RPC/DCOM exploit, that only affects windows machines. If you are running:
Windows XP
Windows 2000
or pretty much any version of windows really,
and keep getting a
"REMOTE PROCEDURE CALL error this machine will be shut down in 45 seconds..............." popup,

YOU ARE BEING ATTACKED BY THE WORM !!

GEEK DETAILS

GEEK DETAILS B

CHECK IF PORT 135 is open on your computer

If port 135 is open you may be vulnerable. Patch it.

Instructions:

:::For XP:::
http://download.microsoft.com/downl...e-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe


::for Windows 2000::
PATCH
-thanks derekduvale

::Everyone else:: ( is there anybody else ?)
Attempt to head over to windows update @ support.microsoft.com

notes from the Melody ( concerning dialup woes) :
"when the computer restarts press f5 and enter in safe mode with networking, it'll take a few times like that but eventually it WILL install everything and then you just reboot and you're good as gold."

notes from the s010 :
"remove all instances of 'msblast.exe' and
delete registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows auto update"

@stelf - not too sure, if those issues are host related, however this worm is going to be huge, and network traffic in general will make your connection slow/unresponsive
@melody, stelf, The Ali Man and mpc_dv8 - np
@tremors, and melody - big up

Macs are NOT affected YET.

invest in a firewall of some sort if you haven't already:>

:twothumbs

thanks for teh sticky..
Just passing the details on - If this fucks up your PC, DNBforum takes no responsibility.

:banana:
 

Affliction

thought size didnt matter
VIP Junglist
Messages
1,192
Likes
3
#4
this one fucked me up last night.... turns out i was one of the first 11 people in the country to get this virus... which im weirdly proud of. Fuck knows how it got in though, ive got all the firewalls / virus scanners you could imagine :-/

note to windows 2000 users... you need service pack 2 installed to run the patch
 

zeeky deek

Moaning all the time.
VIP Junglist
Messages
1,027
Likes
2
#8
u wanna know annoyance?

my beatch lil sister left my firewall off cos she was busy DLin films.... GRRRR!!!! got the virus innit, tryin my damndest to fix it now.

sooooooo :alchy: off
 

1992

Novantadue
VIP Junglist
Messages
2,279
Likes
3
#9
I just came here to post a thread like this but it appears Stu beat me to it.

As I posted in Waffles, I just got my new PC running which is a Windows XP system (my old one was Win95). I was having a ball, surfing around the web and seeing all the icons pop up nice and fast untill about a half hour into my adventures I clicked on freeagent's freindster post when the now world famous message box popped up (only at the time I didn't know it was so famous and on the TV last night as my mother mentioned):


(this is a gif image, not the real thing)

I thought something was wrong with my computer for the longest time till I called DELL support and heard an automated message about the fact this wasn't a glitch in the OS but a Virus. I figured out how to get the patch and I updated my virus scaner. This took me about 3 hours when all was said and done.

What blows me away is that this virus downloaded and ran on my new computer without any intervention from me at all. This isn't suppose to happen but it does on this Windows XP because of this retarted feature called "Automatic Update". My windows 3.1 machine and Windows 95 machine didn't have this "Automatic Update" so why the frikken hell does Microsoft think I need it now? I got along just fine without it and you know what? I'm not turning it back on!!! I wanted to turn it off when I got this computer last May but I figured since I wasn't hooked up to the internet then It didn't matter...... then look what happens... only a half hour of internet browsing and I get "Automaticly Updated with a VIRUS!" As you British would say..... "BRILLIANT!"

I figured I aught to come back here and mention that I probably got it from this website somehow as thats when my computer first counted down to 0... But it looks like Stu figured this out already and I didn't read the message. Even if I did read the message I would never have beleived that a virus can actually download itself and run, all completely automated... Thats some serious hi-tech virus.

I'll tell you one thing.... Windows 95 fucking ROCKS because no one writes viruses for that OS anymore. Thats why I was fine for the 2 days it circulated around the net as thats what I was using to surf.

And who the hell is SAN? I'll tell you what I know.... I don't LUV him!

Maybe I should set up a firewall? I never did in the past and I've been ok. I'm actually more upset with the 700 messages of spam in my email box every weekend while I'm at the shore. I need to get myself some sort of good free spam filter..... :/
 
Last edited:

Charlie Van Pelt

Charles N. Charge
Messages
280
Likes
0
#10
Re: Re: Please read! RPC/DCOM exploit details

freeagent said:
People need to start installing firewalls.

http://www.zonelabs.com/
Be careful with that one. I had that firewall and Norton Antivirus 2002 at home; they used to cause a lot of problems together.

After getting rid of both programs and installing new AV/firewall software from our ISP, the PC works like a dream.

Chuck :drums:
 

freeagent

Almost 30
VIP Junglist
Messages
1,891
Likes
1
#11
Re: Re: Re: Please read! RPC/DCOM exploit details

@1992, just use the XP firewall.

Disconnect from the internet. Go to Start|Connect To|, then right-click your internet connection and select properties, and under the last tab, it should have a check-box to activate the firewall. This isn't the best firewall, but it will save you from that stoopid virus. Also, get the removal tool here:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
 

1992

Novantadue
VIP Junglist
Messages
2,279
Likes
3
#12
Re: Re: Re: Re: Please read! RPC/DCOM exploit details

freeagent said:
@1992, just use the XP firewall.

Disconnect from the internet. Go to Start|Connect To|, then right-click your internet connection and select properties, and under the last tab, it should have a check-box to activate the firewall. This isn't the best firewall, but it will save you from that stoopid virus.
Done! Thanks. :broke_ima

Also, get the removal tool here:
Been there done that. I have the patch and I removed WSBlast.exe The name of that virus reminds me of a Force Mass Motion record which has the sample "Techno Blast, Techno Blast, we have the Techno Blast".
 
Top